Enabling Secure Business Operations

Public Key Cryptography could help prevent chip piracy.

A group of researchers from two universities has proposed a way to prevent chip piracy. The technique uses public key cryptography to lock down circuitry.

In a whitepaper published this month, Jarrod A. Roy and Igor L. Markov (of the University of Michigan) and Farinaz Koushanfar (of Rice University) outline the problem and details of how their proposed technology will help solve the increasing piracy of chip designs.

Markov will present the group’s proposal at the Design Automation and Test in Europe conference, to be held in Germany on March 13, 2008.

It’s a very technical read, but it is still interesting to see the diversity of uses that public key cryptography can be put to.


iPhone independence day

DVD Jon has been able to activate an iPhone without activating its phone features so that you can use the iPhone as a wifi-enabled PDA/iPod.

Combine that with the fact that users have already found the names and passwords for two accounts, including root, and you have to wonder how long until either:

  • a Skype or other VOIP program will be able to run on the iPhone using only its wifi capability
  • the iPhone can be truly unlocked and run on any GSM phone network (not just AT&T/Cingular)


Proof of Concept iPod Virus

Nifty, but the iPod needs to be running Linux to be infected by Linux.Noslo.

Kaspersky Lab has discovered the first virus designed to infect iPod portable media players. The virus, which has been named Podloso, is a proof of concept program which does not pose a real threat.

The virus is a file which can be launched and run on an iPod. It should be stressed that in order for the virus to function, Linux has to be installed on the iPod. If the virus is installed to the iPod by the user, the virus then installs itself to the folder which contains program demo versions. Podloso cannot be launched automatically without user involvement.

Also, the virus has to actually be installed by the user, but just think about all of those other portable devices, cell phones included, where that isn’t the case.


Tips on Physically Protecting Your Laptop

Here [via SANS].

For example:

Paradise Systems sells a product called Car-Safe, which is designed to protect your valuables while they are being stored/transported in the trunk of your vehicle.

Better yet, carry your laptop with you at all times possible.


Preventing the Hack Before the Technology

Now this is “thinking ahead” about security. Let’s see if the technology makes it, though (personally I have high hopes).

Worrying about malicious software may be premature for a technology so young. The first digital electronic computer, ENIAC, went online in 1946 and the first known attacks against computer systems occurred about two decades later. Yet, in all likelihood, such attacks will become a reality, and that’s reason enough to worry now, said USC’s Lidar.

There is no telling what such an attack might look like. Destroying data or circumventing a calculation on a quantum computer is the easiest course. Attackers could operate a rogue computer on the quantum network or corrupt the communications line, he said.

Because some of the greatest advantages of quantum computing are in the area of security, I suspect that it will be on the forefront of quantum research.


How do you secure 100 Million Laptops?

From eWeek:

If the plan is perfectly executed, Nicholas Negroponte’s One Laptop Per Child project will deploy 100 million laptops in the first year. In one fell swoop, the nonprofit organization will create the largest computing monoculture in history.
Wary of the security risks associated with a computing monoculture—millions of machines with hardware and software of identical design—OLPC foundation officials are seeking help from the world’s best hackers to review the full specifications of the $100 laptop’s security model.

It’s a good question, and worth some thought. You probably can’t go down the typical anti-virus route depending on constantly updated signatures of common viruses. Yet, you need an updating scheme for when flaws are detected. You need strong controls everywhere from the BIOS to the disk, but you don’t want to hamstring users.

Perhaps a call to the Xbox 360 team at Microsoft would be in order. That’s been out for about a year, and despite the attempts of tons of hackers, people still can’t run unauthorized stuff on there—yet.


The Limits of TPM

Already over 20 million PCs worldwide are equipped with a tiny security chip called the Trusted Platform Module, although it is as yet rarely activated. But once merchants and other online services begin to use it, the TPM will do something never before seen on the Internet: provide virtually fool-proof verification that you are who you say you are.

Source: MSNBC

Wrong. It will prove that your machine is your machine.

Here’s a scenario:
A young person is in a coffee shop with a laptop, browsing the Web. They get up for a second – then (enter bad-guy), snatch and run. Now “bad-guy or gal” doesn’t need a password to log in to your bank account online. Or savings, or Amazon account, etc.

That could be the not-so-distant future for two basic reasons.

1. People don’t use security.
2. Snatch and run is effective in any century.

Not to mention the privacy concerns. I have opened up a can of worms, feel free to add and take.


Tape Drive with Built-in Encryption

IBM has announced a combination of encryption technology and services to improve security and privacy.

The centerpiece of the solution is the introduction of the industry’s first fully encrypting data drive… The open-standards-based drive is designed to protect the data in the event that it is lost or stolen, rendering it unreadable to anyone who finds it… It will also provide customers with the ability to share encrypted tapes with their business partners.

The TS1120 Tape Drive utilizes public key cryptography, although it is not clear if it would make use of existing enterprise PKI or not. It seems to use PKI built into the IBM z/OS operating system. Key management is handled by the IBM Encryption Key Manager for Java.

I’m not sure if I should get excited about this or not.

via Jon Erickson’s DDJ Security blog: IBM: First-of-its-kind encryption?


Cell Phones – A New Attack Vector

I am a fan of used cell phones: they are great for travel overseas, cheaper, and do the trick (make and receive phone calls).

I read this the other day and it caught my eye. As cell phones become more advanced, we business-types and teeny-boppers use our mobiles to do all sorts of things.

Store phone numbers, yes. But what about text messages, notes, documents… perhaps a credit card number or other sensitive information?

I’m sure that many, many people have texted their credit card numbers to family members.

“Hi honey, could you buy this with the AMEX? I’ll text you the number…”

A company, Trust Digital of McLean, Va., bought 10 phones on eBay this summer to test phone-security tools it sells for businesses. The phones all were fairly sophisticated models capable of working with corporate e-mail systems.

The phones contained:

  • One company’s plans to win a multimillion-dollar federal transportation contract.
  • E-mails about another firm’s $50,000 payment for a software license.
  • Bank accounts and passwords.
  • Details of prescriptions and receipts for one worker’s utility payments.

The recovered information was equal to 27,000 pages - a stack of printouts 8 feet high.

From only 10 cell phones. Many phones do offer options that will completely destroy the information on cell phones. You’ll have to read your instruction manual to find out exactly how to do it.


Simple Measures Go A Long Way

You lock your house, car, and desk at night. But how many of us lock our laptops up?

We’ve seen and heard a string of recent laptop thefts, leading to major “privacy” breaches. After a few recent high-profile arrests, it makes me wonder, what were the thieves after?

Seems that in many cases they were after the hardware, and didn’t know a thing or two about decrypting hard drives. Now I know, they could go on to sell these items to folks who knew how to crack such security measures, but our innocent laptops don’t have to be put in this situation to begin with.

Companies spend lots of money to buy locks for everything else, why not laptops? An encrypted hard drive is not going to protect you from a broken window and two fast feet. Laptop locks are cheap, and putting one away in your locked desk is even cheaper.

Not only good advice for work and home, but all of those college kids out there with open dorm room doors.
